Available Zones

The following table summarizes the zones that can be queried, the Spamhaus databases they are connected to, and the possible return codes (represented by A records in the answers to DNS lookups, and by numeric response codes in HTTP lookup replies).

The last two return codes are associated with invalid DQS keys and apply to any query made using such keys.

Return Codes

DNSBLs return one or more A records for positive replies.Each returned A record (associated with a different IP) is used to represent a specific message.Return codes provided by the HTTP API are 1-to-1 mapped to such A records.

Zone Type Database(s) Return Codes
sbl IP SBL * 127.0.0.2 (1002) - SBL
* 127.0.0.3 (1003) - CSS (automated)
* 127.0.0.9 (1009) - DROP (always in addition to SBL)
* 127.0.0.8 (1008) - currently unused
xbl IP XBL * 127.0.0.4 (1004) - CBL
* from 127.0.0.5 (1005) to .7 (1007) - currently unused
sbl-xbl IP SBL+XBL * 127.0.0.2 (1002) - SBL
* 127.0.0.3 (1003) - CSS
* 127.0.0.9 (1009) - DROP
* 127.0.0.4 (1004) - CBL
(see details above)
pbl IP PBL * 127.0.0.10 (1010) - entry maintained by ISP
* 127.0.0.11 (1011) - entry maintained by Spamhaus
zen IP SBL+XBL+PBL * 127.0.0.2 (1002) - SBL
* 127.0.0.3 (1003) - CSS
* 127.0.0.9 (1009) - DROP
* 127.0.0.4 (1004) - CBL
* 127.0.0.10 (1010) - PBL
* 127.0.0.11 (1011) - PBL
(see details above)
authbl IP AuthBL * 127.0.0.20 (1020) - AuthBL
dbl Domain DBL * 127.0.1.2 (2002) - low-reputation domain
* 127.0.1.4 (2004) - phishing-related domain
* 127.0.1.5 (2005) - malware-related domain
* 127.0.1.6 (2006) - botnet C&C domain
* 127.0.1.102 (2102) - abused-legit domain
* 127.0.1.103 (2103) - abused redirector
* 127.0.1.104 (2104) - abused domain used in phishing
* 127.0.1.105 (2105) - abused domain used by malware
* 127.0.1.106 (2106) - abused domain hosting C&C
* 127.0.1.255 - ERROR: IP query against a domain list (DNS only)
zrd Domain ZRD * 127.0.2.2 (3002) - domain first seen between 0 and 2 hours ago
* 127.0.2.3 (3003) - domain first seen between 2 and 3 hours ago
* […]
* 127.0.2.24 (3024) - domain first seen between 23 and 24 hours ago
ANY IP,
Domain
none * 127.255.255.250 (256250) - ERROR: DQS key disabled
* 127.255.255.251 (256251) - ERROR: DQS key illegally used
* 127.255.255.252 (no HTTP API) - typing error in DNSBL name